Method, system, and program for a transparent file restore

ABSTRACT

Provided is a method, system, and program for automatically handling an error when retrieving a file for an application. An error is detected while the application retrieves a file from the storage device. A user defined policy is checked to determine whether a backup copy should be restored, and the file is restored from the backup copy if the user defined policy indicates that the backup copy should be used.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a system, method, and program forautomatically restoring corrupt or missing data files.

2. Description of the Related Art

Applications running on a host or server system typically retrieve andstore data files on a storage device. The storage device may becomprised of a simple disk drive or multiple disks, such as the casewith a Direct Access Storage Device (DASD), Just a Bunch of Disks(JBOD), a Redundant Array of Independent Disks (RAID), etc.Periodically, access to a file or a collection of files can simply failfor a number of reasons, such as a media Input/Output (I/O) error due toa corrupted file, or the prior deletion of the file, unintentional ornot. The most common cause of I/O errors is the operating systemcrashing (e.g. resource sharing errors, software incompatibility, etc.)or improper shutdown of the system.

When such errors occur, the application accessing the data file usuallyfails also. Typically, the user must start a separate application torestore the necessary files and then restart the failed application fromthe beginning. A significant loss of time and productivity is oftenincurred during this process. Furthermore, the end-user may not alwaysbe familiar with the operation to restore the lost or corrupt file(s),and this process may require the intervention of a support person orgroup to complete.

For these reasons, there is a need in the art to provide techniques tobetter manage access failures to avoid system disruption.

SUMMARY OF THE PREFERRED EMBODIMENTS

Provided is a method, system, and program for automatically handling anerror when retrieving a file for an application. An error is detectedwhile the application retrieves a file from the storage device. A userdefined policy is checked to determine whether a backup copy should berestored, and the file is restored from the backup copy if the userdefined policy indicates that the backup copy should be used.

Additionally, all modifications to files are monitored in a change logand all file retrieval requests are monitored for errors. Moreover, adetermination is made on whether the file has been modified since thebackup copy was made. The determination can be made by comparing themodification date in the change log and the time of when the backup copywas made.

In further implementations, the user defined policy is capable ofindicating when the backup copy should be used in one of multiplecircumstances. The multiple circumstances can include, but are notlimited to, situations where the file is damaged and no modificationswere made since the backup copy was made; the file is damaged andmodifications to the file have been made since the backup copy was made;the file is missing and no modifications were made since the backup copywas made; and the file is missing and modifications to the file havebeen made since the backup copy was made.

In still further implementations, the backup copy is transmittedaccording to the user defined policy wherein the backup copy is providedto the application if the user defined policy authorizes the use of thebackup copy or the error message is provided to the application withoutthe backup copy if the user defined policy does not authorize the use ofthe backup copy.

By providing an automatic file restore function, when an error occursduring the retrieval of a file, the application will not fail because ofthe error. Thus, the present invention alleviates the need to start aseparate application to restore the necessary files and eliminates theneed to restart the failed application from the beginning. Moreover, theend-user will not need the intervention of a support person or group tocomplete the file restore even if the user is not familiar with theoperation to restore the lost or corrupt file(s). Thereby, a significantamount of time, cost, and productivity is saved.

BRIEF DESCRIPTION OF THE DRAWINGS

Referring now to the drawings in which like reference numbers representcorresponding parts throughout:

FIG. 1 illustrates a computing environment in which aspects of theinvention are implemented;

FIG. 2 illustrates logic implemented in a change log filter to maintainthe change log;

FIG. 3 illustrates logic implemented in a file restore filter inaccordance with implementations of the invention;

FIG. 4 illustrates logic implemented in the file restore filter tohandle an unreadable file error in accordance with implementations ofthe invention;

FIG. 5 illustrates logic implemented in the file restore filter tohandle a missing file error in accordance with implementations of theinvention; and

FIG. 6 illustrates the default settings of the user defined policy inaccordance with implementations of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following description, reference is made to the accompanyingdrawings which form a part hereof and which illustrate severalembodiments of the present invention. It is understood that otherembodiments may be utilized and structural and operational changes maybe made without departing from the scope of the present invention.

FIG. 1 illustrates a computing environment in which aspects of theinvention are implemented. A host system 2 typically includes one ormore application programs 8 running on an operating system 12. Theapplication programs 8 can comprise any database program, wordprocessing program, spreadsheet program, etc. that is known in the art.The operating system 12 can be a UNIX based system or a WINDOWS**system. In between the operating system 12 and the application program 8is a file restore filter 10, which monitors all Input/Output (I/O)requests to a storage device 14. In addition, in a non-Windowsenvironment, a change log filter 11 also exists between the applicationprograms 8 and the operating system 12, which tracks changes made to anyfiles and records the date and time of the file changes in a change log6. In a Windows environment, the native logging mechanism is used togenerate the change log 6. The change log filter 11 is discussed belowin greater detail with respect to FIG. 2. In the preferred embodiments,the file restore filter 10 contains the logic to perform the transparentrestore function, which is activated if an error message is generatedwhile retrieving a file from the storage device 14. The file restorefilter 10 works in conjunction with the user defined policy 4, whereinthe user defined policy 4 contains the preferences of the user fordifferent error circumstances. The user defined policy 4 is stored inthe storage device 14, but is retrieved to the host memory (not shown)as needed by the file restore filter 10. The file restore filter 10 andthe user defined policy 4 will be discussed in greater detail withrespect to FIGS. 3-5. The storage device 14 is comprised of any storagedevice known in the art including a simple disk drive or multiple disks,such as the case with a Direct Access Storage Device (DASD), Just aBunch of Disks (JBOD), a Redundant Array of Independent Disks (RAID),etc. In addition to the storage device 14, a backup server 16 is alsoattached to the host system 2, which maintains backup copies of allfiles that are kept on the storage device 14. The backup server cancomprise any known backup system known in the art.

FIG. 2 illustrates logic implemented in a change log filter 11 tomaintain the change log 6. As changes are made to a file during therunning of an application 8, the changes are detected when saved to thestorage device 14 (at block 100) and recorded in a change log 6 (atblock 102). If logging mechanisms exist in the operating system 12 theyare used. For example, in a Windows environment, the native loggingmechanism in Windows is used. Otherwise, a separate logging filter 11 isused to record all changes made by the application 8 to the files.

FIG. 3 illustrates logic implemented in the file restore filter 10 toperform the transparent restore function. In the describedimplementations, the file restore filter 10 is an extension to thekernel of the operating system 12. Upon the initialization of the hostsystem 2, the file restore filter 10 is loaded into the memory as partof the kernel of the operating system 12. The file restore filter 10monitors all read/write functions performed by an application that isbeing run on the host system 2. All open or read requests from theapplication 8 are passed through file restore filter 10 to the operatingsystem 12. The file is retrieved by the operating system 12 and reportedfirst to the file restore filter 10. If no problems are detected duringthe retrieval process, then the file is passed on (i.e filtered) to theapplication 8.

Control begins at block 200 where the application 8 performs a readoperation. At block 202, all “read events” on files by the application 8are monitored using the restore filter driver 10. If no problems aredetected during the retrieval process, then the file is passed on (i.efiltered) to the application 8 at block 206 and the host systemcontinues to operate normally. However, if the file to be retrieved isdetected as being damaged or missing at block 204, the error message isintercepted by the file restore filter 10 at block 208. Depending onwhether the error message sends back a file error as being damaged ormissing, the transparent file restore function applies different logicwith regards to checking the currency of the backup copy (at block 210).For damaged files, the file restore filter 10 checks the backup copy todetermine if the backup copy is current by comparing the date of thelast file backup with the date of the damaged file. On the other hand,if the file is missing (i.e. deleted), the change log is checked todetermine whether the backup copy is current. Depending on the usersetting (i.e. a check is made on the user defined policy 4 at block212), the transparent file restore function will perform the appropriatefunction based on the state of the backup copy and the user definedpolicy 4 (at block 214). Additionally, the user defined policy 4 mayspecify no further action to perform beyond passing and logging an errormessage. The user defined policy 4 may be set for four different errorcircumstances: (1) File is unreadable, and no changes since last backup(2) File is unreadable, but was changed since last backup, (3) File isMissing, and no changes since last backup, or (4) File is Missing, butwas changed since last backup. The user can choose to restore the backupcopy, or to not restore the backup copy and just pass on the error tothe application for each circumstance. If (at block 216) the file existson the backup server 16 and the user defined policy 4 indicates that thefile should be restored, a storage manager program (e.g. Tivoli**Storage Manager) is called (at block 218) to restore the file, and theapplication is allowed to proceed with the backup version of therestored file without causing the application to fail due to the error.Otherwise, an error message is printed (at block 220) and a dialogdisplayed to ask the user whether to proceed with the restore.

**Tivoli is a trademark of International Business Machines Corporation.Windows is a trademark of Microsoft Corporation.

If (at block 222) the user selects to proceed with the restore, controlproceeds to block 218 to perform the restore. Otherwise, if the userdoes not select to proceed with restore, then an error message isreturned (at block 224) to the application 8. The various user definedpolicies 4 for each error circumstance will now be discussed below inconjunction with FIGS. 4 and 5.

FIG. 4 illustrates logic implemented in the file restore filter 10 tohandle an unreadable file error in accordance with implementations ofthe invention. Control begins at block 300 with the file restore filter10 receiving an unreadable error message from the operating system 12.Since the file exists, but unreadable, the file access authorization haslikely been verified already and does not need to be checked againbefore the file restore function is implemented. Moreover, the user hasthe option to shut off the file restore filter 10 so that an errormessage is passed through even when there has not been any changesbetween the backup copy and the damaged file. At block 302, the filesystem, which is a part of operating system 12, provides the time of thelast modification of the damaged file, and the backup server 16 providesthe time of the last backup. The file restore filter 10 makes acomparison between the time of the last modification of the damaged fileand the time of the last backup (at block 304) to determine whetherchanges have been made since the last backup copy.

If (at block 304) no changes were made to the damaged file since thelast backup, at block 306, the file is retrieved from the backup server16 and transparently restored to the application 8. If changes were madeto the file since the last backup, the file restore filter 10 checks theuser defined policy 4 for the user preference (at block 308). If (atblock 310) the option to restore transparently is selected, the file isretrieved from the backup server 16 and written to the storage device 14(at block 312). The backup copy is saved to the storage device 14 andthe backup copy data is made available to the application 8. If theoption to restore transparently is not selected by the user, the errormessage is passed through to the application 8 (at block 314).

FIG. 5 illustrates logic implemented in the file restore filter 10 tohandle a missing file error in accordance with implementations of theinvention. Control begins at block 400 with the file restore filter 10receiving a missing file error message from the operating system 12.Since the file has been deleted or is missing, at block 404, accessauthorization will need to be verified against information stored in thebackup server 16 to make sure the application 8 has authorization toaccess the backup copy. Once the verification is completed, the backupserver 16 provides information about the backup copy (i.e. time ofbackup) and the change log provides information about the missing ordeleted file (i.e. time of last modifications to the file). Thus, basedon the logging mechanism (or other change tracking mechanism) of theoperating system 12 and the information provided by the backup server16, the file restore filter 10 can determine whether changes have beenmade to file being retrieved since the last backup (at block 406). Thefile restore filter 10 also checks the user defined policy 4 for theuser preference in such a case (at block 408). If the file exists on thebackup server 16 and the user policy indicates that the file should berestored (at block 410), then the backup server 16 is used to restorethe file (at block 412), and the application is allowed to proceed withthe backup version of the restored file without causing the applicationto fail due to the error. As mentioned, the user defined policy 4 maynot specify any particular action to perform. However, if the option torestore transparently is not selected by the user, the error message ispassed through to the application 8 (at block 414).

FIG. 6 illustrates an example of the default settings on the userdefined policy 4 in accordance with implementations of the invention.The default user defined policy 4 provides settings for four differenterror circumstances. (1) File is unreadable, and no changes since lastbackup (2) File is unreadable, but was changed since last backup, (3)File is Missing, and no changes since last backup, or (4) File isMissing, but was changed since last backup. The default may be set torestore the backup file automatically in all circumstances. However, theuser can choose to modify the default setting for one or more errorcircumstance to not restore (and just pass as failure) depending on theuser's preference. Still further, the user defined policy 4 may specifyno further action to perform beyond passing and logging an errormessage. In such case, the default settings in the user defined policytable of FIG. 6 would specify no action to perform for one or more ofthe listed error circumstances.

ADDITIONAL IMPLEMENTATION DETAILS

The preferred embodiments may be implemented as a method, apparatus orarticle of manufacture using standard programming and/or engineeringtechniques to produce software, firmware, hardware, or any combinationthereof. The term “article of manufacture” as used herein refers to codeor logic implemented in hardware logic (e.g., an integrated circuitchip, Field Programmable Gate Array (FPGA), Application SpecificIntegrated Circuit (ASIC), etc.) or a computer readable medium (e.g.,magnetic storage medium (e.g., hard disk drives, floppy disks, tape,etc.), optical storage (CD-ROMs, optical disks, etc.), volatile andnon-volatile memory devices (e.g., EEPROMs, ROMs, PROMs, RAMs, DRAMs,SRAMs, firmware, programmable logic, etc.). Code in the computerreadable medium is accessed and executed by a processor. The code inwhich preferred embodiments are implemented may further be accessiblethrough a transmission media or from a file server over a network. Insuch cases, the article of manufacture in which the code is implementedmay comprise a transmission media, such as a network transmission line,wireless transmission media, signals propagating through space, radiowaves, infrared signals, etc. Of course, those skilled in the art willrecognize that many modifications may be made to this configurationwithout departing from the scope of the present invention, and that thearticle of manufacture may comprise any information bearing medium knownin the art.

The preferred logic of FIGS. 2-4 describes specific operations occurringin a particular order. In alternative implementations, certain of thelogic operations may be performed in a different order, modified orremoved. Morever, steps may be added to the above described logic andstill conform to the described implementations. Further, operationsdescribed herein may occur sequentially or certain operations may beprocessed in parallel.

In addition, the file restore filter was described as being implementedin the kernel of the operating system. Alternatively, the file restorefilter can be implemented in alternative ways, such as a part of theapplication program that interacts with the operating system, part ofthe operating system, a separate application program, etc.

The foregoing description of the preferred embodiments of the inventionhas been presented for the purposes of illustration and description. Itis not intended to be exhaustive or to limit the invention to theprecise form disclosed. Many modifications and variations are possiblein light of the above teaching. It is intended that the scope of theinvention be limited not by this detailed description, but rather by theclaims appended hereto. The above specification, examples and dataprovide a complete description of the manufacture and use of thecomposition of the invention. Since many embodiments of the inventioncan be made without departing from the spirit and scope of theinvention, the invention resides in the claims hereinafter appended.

1. A method for automatically handling an error when retrieving a filefor an application, comprising: detecting the error when the applicationattempts to retrieve the file from a storage device; checking a userdefined policy to determine whether a backup copy should be restored,wherein the user defined policy is capable of indicating when the backupcopy should be used in one of multiple circumstances based on whetherthe error is caused by a damaged file or by a missing file, and whereinthe multiple circumstances are when the file is damaged and nomodifications were made since the backup copy was made; the file isdamaged and modifications to the file have been made since the backupcopy was made; the file is missing and no modifications were made sincethe backup copy was made; and the file is missing and modifications tothe file have been made since the backup copy was made; and restoringthe file from the backup copy if the user defined policy indicates thatthe backup copy should be used.
 2. The method of claim 1, furthercomprising: locating a backup copy of the file if one backup copyexists, wherein the user defined policy is checked and the file restoredif the backup copy exists.
 3. The method of claim 1, further comprising:determining whether the file has been modified since the backup copy wasmade.
 4. The method of claim 1, further comprising: monitoring allmodifications to files in a change log; and monitoring all fileretrievals for errors.
 5. The method of claim 4, further comprising:determining whether the file has been modified since the backup copy wasmade by comparing a modification date in the change log and the time ofwhen the backup copy was made.
 6. The method of claim 1, wherein thestep of providing the backup copy according to the user defined policyfurther comprises: providing the backup copy to the application if theuser defined policy authorizes use of the backup copy; and providing anerror message without the backup copy to the application if the userdefined policy does not authorize the backup copy.
 7. The method ofclaim 6, further comprises: verifying access authorization beforeproviding the backup copy.
 8. The method of claim 1, wherein a defaultsetting for the user defined policy is to automatically restore thebackup file copy.
 9. The method of claim 1, wherein the step of checkinga user defined policy to determine whether the backup copy should beused only occurs if the file has been modified since the backup copy wasmade.
 10. A system for automatically handling an error when retrieving afile for an application, comprising: means for detecting the error whenthe application attempts to retrieve the file from a storage device;means for checking a user defined policy to determine whether a backupcopy should be restored, wherein the user defined policy is capable ofindicating when the backup copy should be used in one of multiplecircumstances based on whether the error is caused by a damaged file orby a missing file, and wherein the multiple circumstances are when thefile is damaged and no modifications were made since the backup copy wasmade; the file is damaged and modifications to the file have been madesince the backup copy was made; the file is missing and no modificationswere made since the backup copy was made; and the file is missing andmodifications to the file have been made since the backup copy was made;and means for restoring the file from the backup copy if the userdefined policy indicates that the backup copy should be used.
 11. Thesystem of claim 10, further comprising: means for locating a backup copyof the file if one backup copy exists, wherein the user defined policyis checked and the file restored if the backup copy exists.
 12. Thesystem of claim 10, further comprising: means for determining whetherthe file has been modified since the backup copy was made.
 13. Thesystem of claim 10, further comprising: means for monitoring allmodifications to files in a change log; and means for monitoring allfile retrievals for errors.
 14. The system of claim 13, furthercomprising: means for determining whether the file has been modifiedsince the backup copy was made by comparing a modification date in thechange log and the time of when the backup copy was made.
 15. The systemof claim 10, wherein the means of providing the backup copy according tothe user defined policy further comprises: means for providing thebackup copy to the application if the user defined policy authorizes useof the backup copy; and means for providing an error message without thebackup copy to the application if the user defined policy does notauthorize the backup copy.
 16. The system of claim 15, furthercomprises: means for verifying access authorization before providing thebackup copy.
 17. The system of claim 10, wherein a default setting forthe user defined policy is to automatically restore the backup filecopy.
 18. The system of claim 10, wherein the means for checking a userdefined policy to determine whether the backup copy should be used isonly activated if the file has been modified since the backup copy wasmade.
 19. An article of manufacture for automatically handling an errorwhen retrieving a file for an application, comprising a computer usablemedia including at least one computer program embedded therein that iscapable or causing at least one computer to perform: detecting the errorwhen the application attempts to retrieve a file from a storage device;checking a user defined policy to determine whether a backup copy shouldbe restored, wherein the user defined policy is capable of indicatingwhen the backup copy should be used in one of multiple circumstancesbased on whether the error is caused by a damaged file or by a missingfile, and wherein the multiple circumstances are when the file isdamaged and no modifications were made since the backup copy was made;the file is damaged and modifications to the file have been made sincethe backup copy was made; the file is missing and no modifications weremade since the backup copy was made; and the file is missing andmodifications to the file have been made since the backup copy was made;and restoring the file from the backup copy to the application if theuser defined policy indicates that the backup copy should be used. 20.The article of manufacture of claim 19, further comprising: locating abackup copy of the file if one backup copy exists, wherein the userdefined policy is checked and the file restored if the backup copyexists.
 21. The article of manufacture of claim 20, wherein the programstep of providing the backup copy according to the user defined policyfurther performs: providing the backup copy to the application if theuser defined policy authorizes use of the backup copy; and providing anerror message without the backup copy to the application if the userdefined policy does not authorize the backup copy.
 22. The article ofmanufacture of claim 21, further performing: verifying accessauthorization before providing the backup copy.
 23. The article ofmanufacture of claim 20, wherein a default setting for the user definedpolicy is to automatically restore the backup file copy.
 24. The articleof manufacture of claim 20, wherein the program step of checking a userdefined policy to determine whether the backup copy should be used onlyoccurs if the file has been modified since the backup copy was made. 25.The article of manufacture of claim 19, further performing: determiningwhether the file has been modified since the backup copy was made. 26.The article of manufacture of claim 19, further performing: monitoringall modifications to files in a change log; and monitoring all fileretrievals for errors.
 27. The article of manufacture of claim 26,further performing: determining whether the file has been modified sincethe backup copy was made by comparing a modification date in the changelog and the time of when the backup copy was made.